On Fri, 2011-07-29 at 08:40 -0700, Brian Weis wrote:
> Hi Elwyn,
>
> Thanks much for your detailed review. We'll handle your minor issues ASAP,
> but this email will address the major issue below.
>
> On Jul 19, 2011, at 3:10 PM, Elwyn Davies wrote:
>
> > I am the assigned Gen-ART reviewer for this draft. For background on
> > Gen-ART, please see the FAQ at
> > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> >
> > Please resolve these comments along with any other Last Call comments
> > you may receive.
> >
> > Document: draft-ietf-msec-gdoi-update-09.txt
> > Reviewer: Elwyn Davies
> > Review Date: 19 July 2011
> > IETF LC End Date: 19 July 2011
> > IESG Telechat date: (if known) -
> >
> > Summary:
> > Not ready.
> >
> > Major issues:
> > One has to ask: Why is an updated protocol being based on ISAKMP/RFC
> > 2408 with references to RFC 2407 and RFC 2409 when all these are now
> > obsolete?
>
> This is a reasonable question to ask. The rationale stated by the document
> shepherd addresses this question:
>
> "Among the normative references are 3 documents that have been obsoleted by
> the IPsec-v3 RFCs (RFC 4301, etc.) These RFCs were made obsolete by the
> publication of IKEv2, without regard for the fact that although IKEv1 was
> directly obsoleted by IKEv2, other RFCs relying on those protocol definitions
> were not directly obsoleted by the publishing of IKEv2. WG chairs believe
> that updating GDOI as defined in RFC 3547 (and thus continuing to rely on
> these references) is necessary for interoperability."
>
> Some additional thoughts:
> - There are multiple implementations of the GDOI specification.
> Inconsistencies have been noted in the standard that should be resolved to
> ensure their interoperability. As a related matter, some of the IANA
> definitions need to be clarified.
> - GDOI was published quite early in MSEC's history. Since that time the
> working group published documents describing how group key management systems
> should interact with IPsec, and also describing how to deal with cipher
> counter modes. The update document brings GDOI into conformance with those
> later published documents.
> - Because RFC 3547 was published so long ago, the required ciphers need
> updating to match current cryptographic guidance.
>
> Thanks,
> Brian

Hi, Brian.

Clearly the WG thought this was the appropriate way forwards. If Sean and the IESG are willing to accept this as well, then I don't have a problem with this. However, I think that incorporating something like this justification either as a note after the abstract or into Section 1 would be helpful.

Regards,
Elwyn
